Thu, 05.05.2005 at 12.02, taso wrote:
> The smbldap-populate script in smbldap-tools-0.8.8-1 (and other versions)
> no longer adds a user called Administrator - it adds a user called root. So
> what you now get is:
>
> # getent passwd | fgrep x:0
> root:x:0:0:root:/root:/bin/bash
> root:x:0:0:Netbios Domain Administrator:/home/root:/bin/false

Yet another reason for me not to use the smbldap-tools. There are several others.

> The first entry comes from /etc/passwd while the second comes from LDAP.
>
> I would feel happier if the LDAP root user had the same values as the
> /etc/passwd root user for common attributes, i.e. home directory -> /root
> and shell -> /bin/bash. Would anyone hazard a guess as to what I would
> screw up by doing that?

You wouldn't screw up anything, apart from security.

> Why is it necessary to have an LDAP root user anyway? Would it work
> to have an LDAP Administrator user instead and map him to /etc/passwd
> root (as someone has previously mentioned)?

I don't recall what Samba version you're using, but if I recall correctly, the only thing the root user was ever needed for, was joining machines to a domain. Presumably because he had to write to restricted files. From Samba 3.0.11 the privilege SeMachineAccountPrivilege can be assigned to a mortal to do this, so root isn't necessary at all from that version upward. That was the vision of the samba team.

I don't have a root user in LDAP any longer, I don't need him. The point about Administrator is, that he's only good for anything in Windows and it's his SID that counts. Why Idealx would want to turn everything back to what it was before and muck up security by reimplementing a second 0:0 object I can't even guess.

> > http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
> > http://www.samba.org/samba/docs/Samba-Guide.pdf
> >
>
> I don't know about the HOWTO-Collection but the example in the Guide shows:
>
> # getent passwd | grep root
> root:x:998:512:Netbios Domain Administrator:/home:/bin/false
>
> Why does LDAP root have uid 998 and what happened to the /etc/passwd root
> user?

On my rigs, though getent works normally for LDAP-based posixAccount users, it doesn't give duplicates. If a user (e.g. root) is only present in /etc/passwd, it will return that entry. If there's a duplicate entry in passwd and LDAP (e.g. tonni) it will only return the passwd entry, not the LDAP entry. Otherwise it returns the LDAP entry. It never returns more than one entry.

--Tonni

--
Nothing sucksseeds like a pigeon without a beak ...
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl

They'll love us, won't they? They feed us, don't they? ...
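A check for the condition discussed in this thread: a second uid 0 account, or a login name that resolves to different attributes depending on the source. This is an added example, not part of the original message; the function names `audit_passwd` and `sample_passwd` and the `tonni` sample line are made up for illustration, while the two root lines are the getent output quoted above.

```shell
#!/bin/sh
# audit_passwd: read passwd(5)-format lines on stdin and report
#   UID0      every uid 0 account after the first one seen
#   CONFLICT  a login name seen again with a different uid, gid, home or shell
# Prints one finding per line and returns 1 if anything was reported.
audit_passwd() {
    awk -F: '
        NF < 7 || /^#/ { next }          # skip comments and malformed lines
        {
            name = $1
            attrs = $3 ":" $4 ":" $6 ":" $7
            if ($3 ~ /^0+$/ && ++zero > 1) {
                print "UID0 " name " " $6 " " $7
                bad = 1
            }
            if (name in seen) {
                if (seen[name] != attrs) {
                    print "CONFLICT " name " " seen[name] " vs " attrs
                    bad = 1
                }
            } else seen[name] = attrs
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: the two root lines from the quoted getent output,
# plus one made-up ordinary account.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
root:x:0:0:Netbios Domain Administrator:/home/root:/bin/false
tonni:x:1000:1000:constructed sample user:/home/tonni:/bin/bash
EOF
}

# On a live host: getent passwd | audit_passwd
sample_passwd | audit_passwd || true
```

The first uid 0 line is treated as the baseline, so the local /etc/passwd root passes and only the additional 0:0 entry is flagged.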
